Web Programming, Linux System Administration, and Entrepreneurship in Athens, Georgia

Testing for Vulnerable Caching Name Servers

Most of the technical community has probably heard of the recently found DNS weakness. The basic premise is that if a recursive nameserver doesn’t use sufficiently random source ports when making recursive queries, it can be vulnerable to an attacker who is trying to poison the cache, that is, fill it with incorrect data.
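As an added example (not part of the original post), here is one way to check a sample of UDP source ports, taken from a capture of your own resolver's outbound queries, for the lack of randomness described above. The function name, the thresholds, and the sample port lists are all constructed for illustration.

```python
import statistics

# Illustrative thresholds chosen for this example (assumptions, not from any tool).
# Ports drawn uniformly from 1024-65535 have a standard deviation near 18,600.
MIN_STDDEV = 3000
MAX_SEQ_STEP = 16


def assess_source_ports(ports):
    """Classify UDP source ports observed on a resolver's outbound queries."""
    if len(ports) < 5:
        raise ValueError("need at least 5 observed queries to judge")
    distinct = len(set(ports))
    stddev = statistics.pstdev(ports)
    # Differences between consecutive queries, wrapping at the 16-bit boundary.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    if distinct == 1:
        verdict = "fixed"        # every query leaves from one port
    elif all(0 < d <= MAX_SEQ_STEP for d in deltas):
        verdict = "sequential"   # next port is predictable from the last
    elif stddev < MIN_STDDEV:
        verdict = "narrow"       # ports vary, but within a small window
    else:
        verdict = "random"       # spread consistent with randomized ports
    return {"verdict": verdict, "distinct": distinct, "stddev": round(stddev, 1)}


# Constructed samples, not captured from real servers.
SAMPLES = {
    "unpatched, fixed port": [32768] * 8,
    "incrementing ports": [40001, 40002, 40003, 40005, 40006, 40007, 40009, 40010],
    "small port pool": [1030, 1090, 1045, 1071, 1025, 1088, 1052, 1066],
    "patched resolver": [51234, 2045, 33871, 60990, 17422, 45003, 9876, 28311],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(f"{name:24} {assess_source_ports(ports)}")
```

A "random" verdict on a handful of queries only means no obvious pattern showed up; collect a larger sample before relying on it.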

I’ve now heard reports about it from various news sources who make it sound much more drastic than it actually is. Granted, it is a serious flaw, but fortunately most companies with any desire for security use SSL, which provides an additional layer for identity verification. Also, for most any company with an IT staff, patching the DNS server with the required fixes should be a fairly trivial task. The most important servers to be fixed are those run by ISPs and Datacenters, both of which should have their servers fixed by now.

Tools for testing your DNS servers are fairly easy to come by. dns-oarc.net has a web-based test, although I don’t know how it discovers your DNS servers. For Windows users, you can run ‘nslookup’ like this: